Merge "Revert "Add sepolicies for CPU HAL."" am: 9691a41b0a
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2295597 Change-Id: I96e21bc963b9061e60993cd3b2d79b1761287dc2 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
4faf2db7bc
13 changed files with 0 additions and 34 deletions
|
@ -43,7 +43,6 @@ var (
|
||||||
"android.hardware.cas.IMediaCasService/default": EXCEPTION_NO_FUZZER,
|
"android.hardware.cas.IMediaCasService/default": EXCEPTION_NO_FUZZER,
|
||||||
"android.hardware.confirmationui.IConfirmationUI/default": []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
|
"android.hardware.confirmationui.IConfirmationUI/default": []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
|
||||||
"android.hardware.contexthub.IContextHub/default": EXCEPTION_NO_FUZZER,
|
"android.hardware.contexthub.IContextHub/default": EXCEPTION_NO_FUZZER,
|
||||||
"android.hardware.cpu.monitor.IMonitor/default": EXCEPTION_NO_FUZZER,
|
|
||||||
"android.hardware.drm.IDrmFactory/clearkey": EXCEPTION_NO_FUZZER,
|
"android.hardware.drm.IDrmFactory/clearkey": EXCEPTION_NO_FUZZER,
|
||||||
"android.hardware.drm.ICryptoFactory/clearkey": EXCEPTION_NO_FUZZER,
|
"android.hardware.drm.ICryptoFactory/clearkey": EXCEPTION_NO_FUZZER,
|
||||||
"android.hardware.dumpstate.IDumpstateDevice/default": EXCEPTION_NO_FUZZER,
|
"android.hardware.dumpstate.IDumpstateDevice/default": EXCEPTION_NO_FUZZER,
|
||||||
|
|
|
@ -13,8 +13,6 @@
|
||||||
devicelock_service
|
devicelock_service
|
||||||
hal_bootctl_service
|
hal_bootctl_service
|
||||||
hal_cas_service
|
hal_cas_service
|
||||||
hal_cpu_hwservice
|
|
||||||
hal_cpu_service
|
|
||||||
hal_remoteaccess_service
|
hal_remoteaccess_service
|
||||||
hal_thermal_service
|
hal_thermal_service
|
||||||
hal_usb_gadget_service
|
hal_usb_gadget_service
|
||||||
|
|
|
@ -27,7 +27,6 @@ android.hardware.configstore::ISurfaceFlingerConfigs u:object_r:hal_c
|
||||||
android.hardware.confirmationui::IConfirmationUI u:object_r:hal_confirmationui_hwservice:s0
|
android.hardware.confirmationui::IConfirmationUI u:object_r:hal_confirmationui_hwservice:s0
|
||||||
android.hardware.contexthub::IContexthub u:object_r:hal_contexthub_hwservice:s0
|
android.hardware.contexthub::IContexthub u:object_r:hal_contexthub_hwservice:s0
|
||||||
android.hardware.cas::IMediaCasService u:object_r:hal_cas_hwservice:s0
|
android.hardware.cas::IMediaCasService u:object_r:hal_cas_hwservice:s0
|
||||||
android.hardware.cpu.monitor::IMonitor u:object_r:hal_cpu_hwservice:s0
|
|
||||||
android.hardware.drm::ICryptoFactory u:object_r:hal_drm_hwservice:s0
|
android.hardware.drm::ICryptoFactory u:object_r:hal_drm_hwservice:s0
|
||||||
android.hardware.drm::IDrmFactory u:object_r:hal_drm_hwservice:s0
|
android.hardware.drm::IDrmFactory u:object_r:hal_drm_hwservice:s0
|
||||||
android.hardware.dumpstate::IDumpstateDevice u:object_r:hal_dumpstate_hwservice:s0
|
android.hardware.dumpstate::IDumpstateDevice u:object_r:hal_dumpstate_hwservice:s0
|
||||||
|
|
|
@ -21,7 +21,6 @@ android.hardware.camera.provider.ICameraProvider/internal/0 u:object_r:
|
||||||
android.hardware.cas.IMediaCasService/default u:object_r:hal_cas_service:s0
|
android.hardware.cas.IMediaCasService/default u:object_r:hal_cas_service:s0
|
||||||
android.hardware.confirmationui.IConfirmationUI/default u:object_r:hal_confirmationui_service:s0
|
android.hardware.confirmationui.IConfirmationUI/default u:object_r:hal_confirmationui_service:s0
|
||||||
android.hardware.contexthub.IContextHub/default u:object_r:hal_contexthub_service:s0
|
android.hardware.contexthub.IContextHub/default u:object_r:hal_contexthub_service:s0
|
||||||
android.hardware.cpu.monitor.IMonitor/default u:object_r:hal_cpu_service:s0
|
|
||||||
android.hardware.drm.IDrmFactory/clearkey u:object_r:hal_drm_service:s0
|
android.hardware.drm.IDrmFactory/clearkey u:object_r:hal_drm_service:s0
|
||||||
android.hardware.drm.ICryptoFactory/clearkey u:object_r:hal_drm_service:s0
|
android.hardware.drm.ICryptoFactory/clearkey u:object_r:hal_drm_service:s0
|
||||||
android.hardware.dumpstate.IDumpstateDevice/default u:object_r:hal_dumpstate_service:s0
|
android.hardware.dumpstate.IDumpstateDevice/default u:object_r:hal_dumpstate_service:s0
|
||||||
|
|
|
@ -310,7 +310,6 @@ hal_client_domain(system_server, hal_broadcastradio)
|
||||||
hal_client_domain(system_server, hal_codec2)
|
hal_client_domain(system_server, hal_codec2)
|
||||||
hal_client_domain(system_server, hal_configstore)
|
hal_client_domain(system_server, hal_configstore)
|
||||||
hal_client_domain(system_server, hal_contexthub)
|
hal_client_domain(system_server, hal_contexthub)
|
||||||
hal_client_domain(system_server, hal_cpu)
|
|
||||||
hal_client_domain(system_server, hal_face)
|
hal_client_domain(system_server, hal_face)
|
||||||
hal_client_domain(system_server, hal_fingerprint)
|
hal_client_domain(system_server, hal_fingerprint)
|
||||||
hal_client_domain(system_server, hal_gnss)
|
hal_client_domain(system_server, hal_gnss)
|
||||||
|
@ -392,7 +391,6 @@ allow system_server {
|
||||||
hal_bluetooth_server
|
hal_bluetooth_server
|
||||||
hal_camera_server
|
hal_camera_server
|
||||||
hal_codec2_server
|
hal_codec2_server
|
||||||
hal_cpu_server
|
|
||||||
hal_face_server
|
hal_face_server
|
||||||
hal_fingerprint_server
|
hal_fingerprint_server
|
||||||
hal_gnss_server
|
hal_gnss_server
|
||||||
|
|
|
@ -333,7 +333,6 @@ hal_attribute(codec2);
|
||||||
hal_attribute(configstore);
|
hal_attribute(configstore);
|
||||||
hal_attribute(confirmationui);
|
hal_attribute(confirmationui);
|
||||||
hal_attribute(contexthub);
|
hal_attribute(contexthub);
|
||||||
hal_attribute(cpu);
|
|
||||||
hal_attribute(dice);
|
hal_attribute(dice);
|
||||||
hal_attribute(drm);
|
hal_attribute(drm);
|
||||||
hal_attribute(dumpstate);
|
hal_attribute(dumpstate);
|
||||||
|
|
|
@ -82,7 +82,6 @@ allow dumpstate {
|
||||||
hal_broadcastradio_server
|
hal_broadcastradio_server
|
||||||
hal_camera_server
|
hal_camera_server
|
||||||
hal_codec2_server
|
hal_codec2_server
|
||||||
hal_cpu_server
|
|
||||||
hal_drm_server
|
hal_drm_server
|
||||||
hal_evs_server
|
hal_evs_server
|
||||||
hal_face_server
|
hal_face_server
|
||||||
|
@ -152,7 +151,6 @@ binder_call(dumpstate, { appdomain netd wificond })
|
||||||
# Allow dumpstate to call dump() on specific hals.
|
# Allow dumpstate to call dump() on specific hals.
|
||||||
dump_hal(hal_authsecret)
|
dump_hal(hal_authsecret)
|
||||||
dump_hal(hal_contexthub)
|
dump_hal(hal_contexthub)
|
||||||
dump_hal(hal_cpu)
|
|
||||||
dump_hal(hal_drm)
|
dump_hal(hal_drm)
|
||||||
dump_hal(hal_dumpstate)
|
dump_hal(hal_dumpstate)
|
||||||
dump_hal(hal_face)
|
dump_hal(hal_face)
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
# HwBinder IPC from client to server, and callbacks
|
|
||||||
binder_call(hal_cpu_client, hal_cpu_server)
|
|
||||||
binder_call(hal_cpu_server, hal_cpu_client)
|
|
||||||
|
|
||||||
hal_attribute_hwservice(hal_cpu, hal_cpu_hwservice)
|
|
||||||
hal_attribute_service(hal_cpu, hal_cpu_service)
|
|
||||||
|
|
||||||
binder_call(hal_cpu_server, servicemanager)
|
|
||||||
binder_call(hal_cpu_client, servicemanager)
|
|
|
@ -19,7 +19,6 @@ type hal_can_bus_hwservice, hwservice_manager_type, protected_hwservice;
|
||||||
type hal_can_controller_hwservice, hwservice_manager_type, protected_hwservice;
|
type hal_can_controller_hwservice, hwservice_manager_type, protected_hwservice;
|
||||||
type hal_confirmationui_hwservice, hwservice_manager_type, protected_hwservice;
|
type hal_confirmationui_hwservice, hwservice_manager_type, protected_hwservice;
|
||||||
type hal_contexthub_hwservice, hwservice_manager_type, protected_hwservice;
|
type hal_contexthub_hwservice, hwservice_manager_type, protected_hwservice;
|
||||||
type hal_cpu_hwservice, hwservice_manager_type, protected_hwservice;
|
|
||||||
type hal_dumpstate_hwservice, hwservice_manager_type, protected_hwservice;
|
type hal_dumpstate_hwservice, hwservice_manager_type, protected_hwservice;
|
||||||
type hal_evs_hwservice, hwservice_manager_type, protected_hwservice;
|
type hal_evs_hwservice, hwservice_manager_type, protected_hwservice;
|
||||||
type hal_face_hwservice, hwservice_manager_type, protected_hwservice;
|
type hal_face_hwservice, hwservice_manager_type, protected_hwservice;
|
||||||
|
|
|
@ -276,7 +276,6 @@ type hal_camera_service, protected_service, hal_service_type, service_manager_ty
|
||||||
type hal_cas_service, hal_service_type, service_manager_type;
|
type hal_cas_service, hal_service_type, service_manager_type;
|
||||||
type hal_confirmationui_service, protected_service, hal_service_type, service_manager_type;
|
type hal_confirmationui_service, protected_service, hal_service_type, service_manager_type;
|
||||||
type hal_contexthub_service, protected_service, hal_service_type, service_manager_type;
|
type hal_contexthub_service, protected_service, hal_service_type, service_manager_type;
|
||||||
type hal_cpu_service, protected_service, hal_service_type, service_manager_type;
|
|
||||||
type hal_dice_service, protected_service, hal_service_type, service_manager_type;
|
type hal_dice_service, protected_service, hal_service_type, service_manager_type;
|
||||||
type hal_drm_service, hal_service_type, service_manager_type;
|
type hal_drm_service, hal_service_type, service_manager_type;
|
||||||
type hal_dumpstate_service, protected_service, hal_service_type, service_manager_type;
|
type hal_dumpstate_service, protected_service, hal_service_type, service_manager_type;
|
||||||
|
|
|
@ -72,7 +72,6 @@ userdebug_or_eng(`
|
||||||
typeattribute su hal_configstore_client;
|
typeattribute su hal_configstore_client;
|
||||||
typeattribute su hal_confirmationui_client;
|
typeattribute su hal_confirmationui_client;
|
||||||
typeattribute su hal_contexthub_client;
|
typeattribute su hal_contexthub_client;
|
||||||
typeattribute su hal_cpu_client;
|
|
||||||
typeattribute su hal_drm_client;
|
typeattribute su hal_drm_client;
|
||||||
typeattribute su hal_cas_client;
|
typeattribute su hal_cas_client;
|
||||||
typeattribute su hal_dumpstate_client;
|
typeattribute su hal_dumpstate_client;
|
||||||
|
|
1
vendor/file_contexts
vendored
1
vendor/file_contexts
vendored
|
@ -35,7 +35,6 @@
|
||||||
/(vendor|sustem/vendor)/bin/hw/android\.hardware\.confirmationui@1\.0-service u:object_r:hal_confirmationui_default_exec:s0
|
/(vendor|sustem/vendor)/bin/hw/android\.hardware\.confirmationui@1\.0-service u:object_r:hal_confirmationui_default_exec:s0
|
||||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.[0-9]+-service u:object_r:hal_contexthub_default_exec:s0
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.[0-9]+-service u:object_r:hal_contexthub_default_exec:s0
|
||||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub-service\.example u:object_r:hal_contexthub_default_exec:s0
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub-service\.example u:object_r:hal_contexthub_default_exec:s0
|
||||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.cpu\.monitor-service\.example u:object_r:hal_cpu_default_exec:s0
|
|
||||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service u:object_r:hal_drm_default_exec:s0
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service u:object_r:hal_drm_default_exec:s0
|
||||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service-lazy u:object_r:hal_drm_default_exec:s0
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service-lazy u:object_r:hal_drm_default_exec:s0
|
||||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm-service(-lazy)?\.clearkey u:object_r:hal_drm_clearkey_aidl_exec:s0
|
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm-service(-lazy)?\.clearkey u:object_r:hal_drm_clearkey_aidl_exec:s0
|
||||||
|
|
11
vendor/hal_cpu_default.te
vendored
11
vendor/hal_cpu_default.te
vendored
|
@ -1,11 +0,0 @@
|
||||||
type hal_cpu_default, domain;
|
|
||||||
hal_server_domain(hal_cpu_default, hal_cpu)
|
|
||||||
|
|
||||||
type hal_cpu_default_exec, exec_type, vendor_file_type, file_type;
|
|
||||||
init_daemon_domain(hal_cpu_default)
|
|
||||||
|
|
||||||
# Allow reading /proc/stat
|
|
||||||
allow hal_cpu_default proc_stat:file r_file_perms;
|
|
||||||
|
|
||||||
# Allow reading cpuset information
|
|
||||||
allow hal_cpu_default cgroup:dir r_dir_perms;
|
|
Loading…
Reference in a new issue